17.10 - Database Privilege Types - Advanced SQL Engine - Teradata Database

Teradata Vantage™ - Advanced SQL Engine Security Administration

Product
Advanced SQL Engine
Teradata Database
Release Number
17.10
Release Date
July 2021
Content Type
Administration
Security
Publication ID
B035-1100-171K
Language
English (United States)

All database privileges are either explicit or implicit.

Privilege Description
Implicit Privileges
Ownership Teradata Vantage™ grants implicit privileges on a database object to the owner of the space that contains the object.

See Ownership Privileges.

Explicit Privileges
Automatic When a user creates a database object, SQL Engine automatically grants privileges to:
  • The creator of the object
  • A newly created user or database

See Automatic Privileges.

GRANT You can GRANT privileges:
  • Directly to a user or database
  • To a role, then GRANT membership in the role to one or more users
  • To an external role, then map the role to one or more groups of directory users

See Working with User Privileges in Teradata Vantage.

Inherited Privileges that a user acquires indirectly:
Assigned Security constraints define user access to table rows protected by a corresponding security constraint column.
You can assign the security constraints in a CONSTRAINT object to a:
  • User, by specifying the CONSTRAINT object in a:
    • CREATE USER or MODIFY USER statement
    • CREATE PROFILE or MODIFY PROFILE statement, and then assigning the profile to the user
    See About Assigning Security Constraints.
    Constraint OVERRIDE privileges, which allow a user to bypass row level security protection, are granted using the GRANT OVERRIDE CONSTRAINT statement.

    See Granting SQL DML OVERRIDE Privileges.

  • Table, by defining a constraint column that is named for the CONSTRAINT object in a CREATE TABLE or ALTER TABLE statement.

    See Working with Security Constraint Columns.